From 9707bc8a58e62d896db45c16bb70162f07663061 Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Mon, 14 Aug 2023 12:30:42 -0500 Subject: [PATCH 01/23] fix(docs): updated kube-vip url (#341) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ff3f1e7ad..cdb24fd0f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This playbook will build an HA Kubernetes cluster with `k3s`, `kube-vip` and MetalLB via `ansible`. -This is based on the work from [this fork](https://github.com/212850a/k3s-ansible) which is based on the work from [k3s-io/k3s-ansible](https://github.com/k3s-io/k3s-ansible). It uses [kube-vip](https://kube-vip.chipzoller.dev/) to create a load balancer for control plane, and [metal-lb](https://metallb.universe.tf/installation/) for its service `LoadBalancer`. +This is based on the work from [this fork](https://github.com/212850a/k3s-ansible) which is based on the work from [k3s-io/k3s-ansible](https://github.com/k3s-io/k3s-ansible). It uses [kube-vip](https://kube-vip.io/) to create a load balancer for control plane, and [metal-lb](https://metallb.universe.tf/installation/) for its service `LoadBalancer`. If you want more context on how this works, see: From a9904d15629294f9974eddb08fe5f0cd181cc78b Mon Sep 17 00:00:00 2001 
From: Marek Pilch <47844572+marpi82@users.noreply.github.com> Date: Tue, 15 Aug 2023 00:37:20 +0200 Subject: [PATCH 02/23] =?UTF-8?q?fixes:=20ERROR!=20The=20requested=20handl?= =?UTF-8?q?er=20<'Reboot=20containers'=20/=20'Reboot=20se=E2=80=A6=20(#348?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixes: ERROR! The requested handler <'Reboot containers' / 'Reboot server' / 'Reboot>' was not found in either the main handlers list nor in the listening handlers list * Update main.yml --- roles/lxc/handlers/main.yml | 1 + roles/proxmox_lxc/handlers/main.yml | 2 ++ roles/raspberrypi/handlers/main.yml | 1 + 3 files changed, 4 insertions(+) diff --git a/roles/lxc/handlers/main.yml b/roles/lxc/handlers/main.yml index 7d73985d6..6450e4c7f 100644 --- a/roles/lxc/handlers/main.yml +++ b/roles/lxc/handlers/main.yml @@ -2,3 +2,4 @@ - name: Reboot server become: true reboot: + listen: reboot server diff --git a/roles/proxmox_lxc/handlers/main.yml b/roles/proxmox_lxc/handlers/main.yml index 565c882cb..0d5d983de 100644 --- a/roles/proxmox_lxc/handlers/main.yml +++ b/roles/proxmox_lxc/handlers/main.yml @@ -5,7 +5,9 @@ set_fact: proxmox_lxc_filtered_ids: >- {{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }} + listen: reboot containers - name: Reboot container command: "pct reboot {{ item }}" loop: "{{ proxmox_lxc_filtered_ids }}" changed_when: true + listen: reboot containers diff --git a/roles/raspberrypi/handlers/main.yml b/roles/raspberrypi/handlers/main.yml index ac385a780..93e745962 100644 --- a/roles/raspberrypi/handlers/main.yml +++ b/roles/raspberrypi/handlers/main.yml @@ -1,3 +1,4 @@ --- - name: Reboot reboot: + listen: reboot From 0607eb8aa4cc2ac7f115aced3688fdaecf419dc1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Aug 2023 13:27:35 -0500 Subject: [PATCH 03/23] chore(deps): bump ansible-core from 2.15.2 to 2.15.3 (#349) Bumps [ansible-core](https://github.com/ansible/ansible) from 2.15.2 to 2.15.3. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/compare/v2.15.2...v2.15.3) --- updated-dependencies: - dependency-name: ansible-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 0604a64a1..d09c3309b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ # ansible-compat==3.0.1 # via molecule -ansible-core==2.15.2 +ansible-core==2.15.3 # via # -r requirements.in # ansible-compat From 2e318e0862bd98f737d3ded3166a6ecf027a5aa3 Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Fri, 18 Aug 2023 08:59:08 -0500 Subject: [PATCH 04/23] feat(k3s): Updated to v1.25.12+k3s1 (#351) --- inventory/sample/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 9a45c30b9..e0ca56162 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.25.9+k3s1 +k3s_version: v1.25.12+k3s1 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system From fb3128a783b02406f365a603d6220d002bf8fef4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 13:48:59 -0500 Subject: [PATCH 05/23] chore(deps): bump ansible-core from 2.15.3 to 2.15.4 (#362) Bumps [ansible-core](https://github.com/ansible/ansible) from 2.15.3 to 2.15.4. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/compare/v2.15.3...v2.15.4) --- updated-dependencies: - dependency-name: ansible-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d09c3309b..de83955fd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ # ansible-compat==3.0.1 # via molecule -ansible-core==2.15.3 +ansible-core==2.15.4 # via # -r requirements.in # ansible-compat From 70ddf7b63c1d59e277d8f03ada834dafa88ce931 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Sep 2023 12:39:15 -0500 Subject: [PATCH 06/23] chore(deps): bump netaddr from 0.8.0 to 0.9.0 (#365) Bumps [netaddr](https://github.com/drkjam/netaddr) from 0.8.0 to 0.9.0. - [Changelog](https://github.com/netaddr/netaddr/blob/master/CHANGELOG) - [Commits](https://github.com/drkjam/netaddr/commits) --- updated-dependencies: - dependency-name: netaddr dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index de83955fd..7df266a31 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -86,7 +86,7 @@ molecule==4.0.4 # molecule-vagrant molecule-vagrant==1.0.0 # via -r requirements.in -netaddr==0.8.0 +netaddr==0.9.0 # via -r requirements.in nodeenv==1.7.0 # via pre-commit From 38e773315b1a071cc89de659d74569591c9782f9 Mon Sep 17 00:00:00 2001 From: johnnyrun Date: Mon, 9 Oct 2023 17:00:31 +0200 Subject: [PATCH 07/23] sysctl tags (#373) * sysctl tags * lost tag --------- Co-authored-by: Gianni Co-authored-by: Gianni Carabelli --- roles/prereq/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index b85ae0df3..2afb28c98 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -15,6 +15,7 @@ value: "1" state: present reload: yes + tags: sysctl - name: Enable IPv6 forwarding ansible.posix.sysctl: @@ -22,6 +23,7 @@ value: "1" state: present reload: yes + tags: sysctl - name: Enable IPv6 router advertisements ansible.posix.sysctl: @@ -29,6 +31,7 @@ value: "2" state: present reload: yes + tags: sysctl - name: Add br_netfilter to /etc/modules-load.d/ copy: @@ -53,6 +56,7 @@ loop: - net.bridge.bridge-nf-call-iptables - net.bridge.bridge-nf-call-ip6tables + tags: sysctl - name: Add /usr/local/bin to sudo secure_path lineinfile: From a64e882fb7be53b2338ab958758abb33f6b7b41a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 15:39:23 +0000 Subject: [PATCH 08/23] chore(deps): bump pre-commit-hooks from 4.4.0 to 4.5.0 (#379) Bumps [pre-commit-hooks](https://github.com/pre-commit/pre-commit-hooks) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/pre-commit/pre-commit-hooks/releases) - [Changelog](https://github.com/pre-commit/pre-commit-hooks/blob/main/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit-hooks/compare/v4.4.0...v4.5.0) --- updated-dependencies: - dependency-name: pre-commit-hooks dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 7df266a31..30cb1d43f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -103,7 +103,7 @@ pluggy==1.0.0 # via molecule pre-commit==2.21.0 # via -r requirements.in -pre-commit-hooks==4.4.0 +pre-commit-hooks==4.5.0 # via -r requirements.in pyasn1==0.4.8 # via From 9b6d551dd66a091a11c4fcc4ef40289a431b68fc Mon Sep 17 00:00:00 2001 From: balazshasprai <87380244+balazshasprai@users.noreply.github.com> Date: Fri, 13 Oct 2023 06:14:47 +0200 Subject: [PATCH 09/23] Expand secure_path with support for Suse (#381) --- roles/prereq/defaults/main.yml | 4 ++++ roles/prereq/tasks/main.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 roles/prereq/defaults/main.yml diff --git a/roles/prereq/defaults/main.yml b/roles/prereq/defaults/main.yml new file mode 100644 index 000000000..e469b0bb1 --- /dev/null +++ b/roles/prereq/defaults/main.yml @@ -0,0 +1,4 @@ +--- +secure_path: + RedHat: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' + Suse: '/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin' 
diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index 2afb28c98..2fffe06e8 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -60,10 +60,10 @@ - name: Add /usr/local/bin to sudo secure_path lineinfile: - line: 'Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin' + line: 'Defaults secure_path = {{ secure_path[ansible_os_family] }}' regexp: "Defaults(\\s)*secure_path(\\s)*=" state: present insertafter: EOF path: /etc/sudoers validate: 'visudo -cf %s' - when: ansible_os_family == "RedHat" + when: ansible_os_family in [ "RedHat", "Suse" ] From 505c2eeff203f3b58f41c7dade16efd00601e8c1 Mon Sep 17 00:00:00 2001 From: balazshasprai <87380244+balazshasprai@users.noreply.github.com> Date: Wed, 18 Oct 2023 05:33:30 +0200 Subject: [PATCH 10/23] Add option for custom registries / mirrors (#382) --- inventory/sample/group_vars/all.yml | 40 +++++++++++++++++++ roles/k3s_custom_registries/defaults/main.yml | 6 +++ roles/k3s_custom_registries/tasks/main.yml | 17 ++++++++ site.yml | 3 ++ 4 files changed, 66 insertions(+) create mode 100644 roles/k3s_custom_registries/defaults/main.yml create mode 100644 roles/k3s_custom_registries/tasks/main.yml diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index e0ca56162..4b1f2da7f 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml 
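Review bot: The `when: ansible_os_family in [ "RedHat", "Suse" ]` list in the sudoers task duplicates the keys of the new `secure_path` mapping. If a family is added to the list but not to the mapping, `{{ secure_path[ansible_os_family] }}` fails on an undefined key; if it is added only to the mapping, the task is silently skipped. Deriving the condition from the mapping keeps the two in sync: `when: ansible_os_family in secure_path`. Because the value ends up in /etc/sudoers, the role default also deserves a comment such as `# every directory listed here must be root-owned and not group/world-writable`. A role-prefixed variable name would make an accidental override from inventory less likely.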
@@ -81,3 +81,43 @@ proxmox_lxc_ct_ids: - 202 - 203 - 204 + +# Only enable this if you have set up your own container registry to act as a mirror / pull-through cache +# (harbor / nexus / docker's official registry / etc). +# Can be beneficial for larger dev/test environments (for example if you're getting rate limited by docker hub), +# or air-gapped environments where your nodes don't have internet access after the initial setup +# (which is still needed for downloading the k3s binary and such). +# k3s's documentation about private registries here: https://docs.k3s.io/installation/private-registry +custom_registries: false +# The registries can be authenticated or anonymous, depending on your registry server configuration. +# If they allow anonymous access, simply remove the following bit from custom_registries_yaml +# configs: +# "registry.domain.com": +# auth: +# username: yourusername +# password: yourpassword +# The following is an example that pulls all images used in this playbook through your private registries. +# It also allows you to pull your own images from your private registry, without having to use imagePullSecrets +# in your deployments. +# If all you need is your own images and you don't care about caching the docker/quay/ghcr.io images, +# you can just remove those from the mirrors: section. +custom_registries_yaml: | + mirrors: + docker.io: + endpoint: + - "https://registry.domain.com/v2/dockerhub" + quay.io: + endpoint: + - "https://registry.domain.com/v2/quayio" + ghcr.io: + endpoint: + - "https://registry.domain.com/v2/ghcrio" + registry.domain.com: + endpoint: + - "https://registry.domain.com" + + configs: + "registry.domain.com": + auth: + username: yourusername + password: yourpassword diff --git a/roles/k3s_custom_registries/defaults/main.yml b/roles/k3s_custom_registries/defaults/main.yml new file mode 100644 index 000000000..704aec7e0 --- /dev/null +++ b/roles/k3s_custom_registries/defaults/main.yml 
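Review bot: The sample `custom_registries_yaml` places the registry `username` and `password` directly in `group_vars/all.yml`, and none of the added comments tell the user to keep real values out of a plain-text inventory file that is usually committed. I would add a comment above the `configs:` example, for instance `# Do not commit real credentials here; keep custom_registries_yaml (or at least the auth values) in an ansible-vault encrypted vars file.` The example endpoints are all `https://`; it may be worth stating that as a requirement for authenticated mirrors.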
@@ -0,0 +1,6 @@ +--- +# Indicates whether custom registries for k3s should be configured +# Possible values: +# - present +# - absent +state: present diff --git a/roles/k3s_custom_registries/tasks/main.yml b/roles/k3s_custom_registries/tasks/main.yml new file mode 100644 index 000000000..dfe48c2ef --- /dev/null +++ b/roles/k3s_custom_registries/tasks/main.yml @@ -0,0 +1,17 @@ +--- + +- name: Create directory /etc/rancher/k3s + file: + path: "/etc/{{ item }}" + state: directory + mode: '0755' + loop: + - rancher + - rancher/k3s + +- name: Insert registries into /etc/rancher/k3s/registries.yaml + blockinfile: + path: /etc/rancher/k3s/registries.yaml + block: "{{ custom_registries_yaml }}" + mode: '0600' + create: true diff --git a/site.yml b/site.yml index 8f2498252..33653a93d 100644 --- a/site.yml +++ b/site.yml @@ -20,6 +20,9 @@ become: true - role: raspberrypi become: true + - role: k3s_custom_registries + become: true + when: custom_registries - name: Setup k3s servers hosts: master From 95b2836dfcef6da5b1085d1e538592b6a72103d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Hasprai?= Date: Thu, 19 Oct 2023 00:07:07 +0200 Subject: [PATCH 11/23] Add option to disable MetalLB, for use w/ ext LBs (#383) * Add option to disable MetalLB, for use w/ ext LBs * Add option to disable MetalLB, for use w/ ext LBs - add defaults * Skip MetalLB with tags instead of flag --- roles/k3s_server/tasks/main.yml | 1 + roles/k3s_server_post/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index 0a8c4b5ca..a1796ac89 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -17,6 +17,7 @@ - name: Deploy metallb manifest include_tasks: metallb.yml + tags: metallb - name: Init cluster inside the transient k3s-init service command: diff --git a/roles/k3s_server_post/tasks/main.yml b/roles/k3s_server_post/tasks/main.yml index 84a79dba0..f88dc0861 100644 
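Review bot: The `blockinfile` task in roles/k3s_custom_registries/tasks/main.yml writes `custom_registries_yaml`, which can contain the registry password, so the block can show up in verbose or `--diff` play output and in any log that captures it. Adding `no_log: true` to that task keeps the credentials out of both; the `mode: '0600'` on the file itself is already appropriate. Separately, the new role default `state: present` is not referenced by any task in this patch and is a very generic variable name, so I would drop it or give it a role prefix before anything starts to depend on it.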
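Review bot: `tags: metallb` on `include_tasks` tags only the include statement, not the tasks loaded from metallb.yml. `--skip-tags metallb` therefore works as the commit intends, but `--tags metallb` would run the include and then skip every task inside it, unless those tasks carry the tag themselves, which is not visible in this hunk. If both directions should work, pass the tag down with `apply` as sketched below, or use `import_tasks`. The same applies to the `Deploy metallb pool` include in roles/k3s_server_post/tasks/main.yml, and a short comment next to the tag saying it exists for `--skip-tags metallb` would document the intended use.

```yaml
- name: Deploy metallb manifest
  include_tasks:
    file: metallb.yml
    apply:
      tags: metallb
  tags: metallb
```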
--- a/roles/k3s_server_post/tasks/main.yml +++ b/roles/k3s_server_post/tasks/main.yml @@ -1,6 +1,7 @@ --- - name: Deploy metallb pool include_tasks: metallb.yml + tags: metallb - name: Remove tmp directory used for manifests file: From e880f08d26989299cdd1b8a39f7e1f7c8a85f163 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Hasprai?= Date: Sat, 21 Oct 2023 02:18:36 +0200 Subject: [PATCH 12/23] Add option for install behind http_proxy (#384) * Add option for install behind http_proxy * Tidy up http_proxy usage --- inventory/sample/group_vars/all.yml | 6 ++++++ roles/k3s_agent/tasks/http_proxy.yml | 18 ++++++++++++++++++ roles/k3s_agent/tasks/main.yml | 4 ++++ roles/k3s_agent/templates/http_proxy.conf.j2 | 4 ++++ roles/k3s_server/tasks/http_proxy.yml | 18 ++++++++++++++++++ roles/k3s_server/tasks/main.yml | 4 ++++ roles/k3s_server/templates/http_proxy.conf.j2 | 4 ++++ roles/reset/tasks/main.yml | 9 +++++++++ site.yml | 5 +++++ 9 files changed, 72 insertions(+) create mode 100644 roles/k3s_agent/tasks/http_proxy.yml create mode 100644 roles/k3s_agent/templates/http_proxy.conf.j2 create mode 100644 roles/k3s_server/tasks/http_proxy.yml create mode 100644 roles/k3s_server/templates/http_proxy.conf.j2 diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 4b1f2da7f..43fa3f456 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -121,3 +121,9 @@ custom_registries_yaml: | auth: username: yourusername password: yourpassword + +# Only enable and configure these if you access the internet through a proxy +# proxy_env: +# HTTP_PROXY: "http://proxy.domain.local:3128" +# HTTPS_PROXY: "http://proxy.domain.local:3128" +# NO_PROXY: "*.domain.local,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" diff --git a/roles/k3s_agent/tasks/http_proxy.yml b/roles/k3s_agent/tasks/http_proxy.yml new file mode 100644 index 000000000..f0a68f6ad --- /dev/null +++ b/roles/k3s_agent/tasks/http_proxy.yml 
@@ -0,0 +1,18 @@ +--- + +- name: Create k3s.service.d directory + file: + path: '{{ systemd_dir }}/k3s.service.d' + state: directory + owner: root + group: root + mode: '0755' + + +- name: Copy K3s http_proxy conf file + template: + src: "http_proxy.conf.j2" + dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf" + owner: root + group: root + mode: '0755' diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml index 0ce8e08d0..395c1ac0e 100644 --- a/roles/k3s_agent/tasks/main.yml +++ b/roles/k3s_agent/tasks/main.yml @@ -1,5 +1,9 @@ --- +- name: Deploy K3s http_proxy conf + include_tasks: http_proxy.yml + when: proxy_env is defined + - name: Copy K3s service file template: src: "k3s.service.j2" diff --git a/roles/k3s_agent/templates/http_proxy.conf.j2 b/roles/k3s_agent/templates/http_proxy.conf.j2 new file mode 100644 index 000000000..6591d45ea --- /dev/null +++ b/roles/k3s_agent/templates/http_proxy.conf.j2 @@ -0,0 +1,4 @@ +[Service] +Environment=HTTP_PROXY={{ proxy_env.HTTP_PROXY }} +Environment=HTTPS_PROXY={{ proxy_env.HTTPS_PROXY }} +Environment=NO_PROXY={{ proxy_env.NO_PROXY }} diff --git a/roles/k3s_server/tasks/http_proxy.yml b/roles/k3s_server/tasks/http_proxy.yml new file mode 100644 index 000000000..f0a68f6ad --- /dev/null +++ b/roles/k3s_server/tasks/http_proxy.yml @@ -0,0 +1,18 @@ +--- + +- name: Create k3s.service.d directory + file: + path: '{{ systemd_dir }}/k3s.service.d' + state: directory + owner: root + group: root + mode: '0755' + + +- name: Copy K3s http_proxy conf file + template: + src: "http_proxy.conf.j2" + dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf" + owner: root + group: root + mode: '0755' diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index a1796ac89..030dc223b 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml 
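Review bot: The agent role writes its drop-in to `{{ systemd_dir }}/k3s.service.d/http_proxy.conf`, but the agent unit in this series is `k3s-node` (the reset role in this same patch removes `k3s-node.service.d`), so the proxy settings would presumably never be applied to the agent service. Both paths in roles/k3s_agent/tasks/http_proxy.yml should use `k3s-node.service.d`. In both the agent and the server copy of http_proxy.yml the conf file is installed with `mode: '0755'`; a unit drop-in should not be executable, and since a proxy URL can embed credentials, `mode: '0644'` (or `'0600'`) is the better choice.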
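Review bot: The `Environment=` lines in roles/k3s_agent/templates/http_proxy.conf.j2 interpolate the inventory values unquoted, so a value containing whitespace would be split by systemd into separate assignments. The template also fails to render when `proxy_env` defines only some of the three keys, which the commented sample in all.yml does not warn about. Quoting each assignment, e.g. `Environment="HTTP_PROXY={{ proxy_env.HTTP_PROXY }}"`, and guarding each line with `{% if proxy_env.HTTP_PROXY is defined %}` covers both cases. The server role's http_proxy.conf.j2 is identical and needs the same change.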
@@ -12,6 +12,10 @@ failed_when: false changed_when: false +- name: Deploy K3s http_proxy conf + include_tasks: http_proxy.yml + when: proxy_env is defined + - name: Deploy vip manifest include_tasks: vip.yml diff --git a/roles/k3s_server/templates/http_proxy.conf.j2 b/roles/k3s_server/templates/http_proxy.conf.j2 new file mode 100644 index 000000000..6591d45ea --- /dev/null +++ b/roles/k3s_server/templates/http_proxy.conf.j2 @@ -0,0 +1,4 @@ +[Service] +Environment=HTTP_PROXY={{ proxy_env.HTTP_PROXY }} +Environment=HTTPS_PROXY={{ proxy_env.HTTPS_PROXY }} +Environment=NO_PROXY={{ proxy_env.NO_PROXY }} diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index cd3bf720c..d75c9ffca 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -46,6 +46,15 @@ - /var/lib/rancher/ - /var/lib/cni/ +- name: Remove K3s http_proxy files + file: + name: "{{ item }}" + state: absent + with_items: + - "{{ systemd_dir }}/k3s.service.d" + - "{{ systemd_dir }}/k3s-node.service.d" + when: proxy_env is defined + - name: Reload daemon_reload systemd: daemon_reload: yes diff --git a/site.yml b/site.yml index 33653a93d..6dde6b1ac 100644 --- a/site.yml +++ b/site.yml @@ -3,6 +3,7 @@ hosts: proxmox gather_facts: true become: yes + environment: "{{ proxy_env | default({}) }}" roles: - role: proxmox_lxc when: proxmox_lxc_configure @@ -10,6 +11,7 @@ - name: Prepare k3s nodes hosts: k3s_cluster gather_facts: yes + environment: "{{ proxy_env | default({}) }}" roles: - role: lxc become: true @@ -26,18 +28,21 @@ - name: Setup k3s servers hosts: master + environment: "{{ proxy_env | default({}) }}" roles: - role: k3s_server become: true - name: Setup k3s agents hosts: node + environment: "{{ proxy_env | default({}) }}" roles: - role: k3s_agent become: true - name: Configure k3s cluster hosts: master + environment: "{{ proxy_env | default({}) }}" roles: - role: k3s_server_post become: true From 7badfbd7bd31264de5be3519823020c343b5ca98 Mon Sep 17 00:00:00 2001 
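Review bot: The new `Remove K3s http_proxy files` task in roles/reset/tasks/main.yml is guarded by `when: proxy_env is defined`, so a reset run after `proxy_env` has been removed from the inventory leaves the drop-in directories in place. A later reinstall would then presumably pick up the stale proxy settings. `state: absent` is already a no-op for a path that does not exist, so the condition can simply be dropped. The task also uses `with_items` where the newer tasks in this series use `loop`; `loop: ["{{ systemd_dir }}/k3s.service.d", "{{ systemd_dir }}/k3s-node.service.d"]` would be consistent.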
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 20:46:52 -0600 Subject: [PATCH 13/23] chore(deps): bump netaddr from 0.9.0 to 0.10.0 (#411) Bumps [netaddr](https://github.com/drkjam/netaddr) from 0.9.0 to 0.10.0. - [Release notes](https://github.com/drkjam/netaddr/releases) - [Changelog](https://github.com/netaddr/netaddr/blob/master/CHANGELOG) - [Commits](https://github.com/drkjam/netaddr/compare/0.9.0...0.10.0) --- updated-dependencies: - dependency-name: netaddr dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 30cb1d43f..9dcf1612c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -86,7 +86,7 @@ molecule==4.0.4 # molecule-vagrant molecule-vagrant==1.0.0 # via -r requirements.in -netaddr==0.9.0 +netaddr==0.10.0 # via -r requirements.in nodeenv==1.7.0 # via pre-commit From 70e658cf980a88a9c74b1a485403beb84ea1f278 Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Fri, 12 Jan 2024 22:34:23 -0500 Subject: [PATCH 14/23] feat(k3s): Updated to v1.25.16+k3s4 (#407) --- inventory/sample/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 43fa3f456..5b923f7ee 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.25.12+k3s1 +k3s_version: v1.25.16+k3s4 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system From cddbfc8e40844e880381e8fe60fc9ff4112f74c7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bal=C3=A1zs=20Hasprai?= Date: Mon, 15 Jan 2024 19:43:44 +0100 Subject: [PATCH 15/23] Update truthy values to true/false only, #204 (#387) Co-authored-by: Techno Tim --- .yamllint | 2 +- molecule/default/prepare.yml | 2 +- .../verify_from_outside/tasks/test/deploy-example.yml | 2 +- reboot.yml | 2 +- reset.yml | 4 ++-- roles/k3s_agent/tasks/main.yml | 4 ++-- roles/k3s_server/tasks/main.yml | 6 +++--- roles/prereq/tasks/main.yml | 8 ++++---- roles/raspberrypi/tasks/setup/Rocky.yml | 2 +- roles/raspberrypi/tasks/setup/Ubuntu.yml | 2 +- roles/reset/tasks/main.yml | 4 ++-- site.yml | 4 ++-- 12 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.yamllint b/.yamllint index 8f1968740..c572b3f02 100644 --- a/.yamllint +++ b/.yamllint @@ -6,4 +6,4 @@ rules: max: 120 level: warning truthy: - allowed-values: ['true', 'false', 'yes', 'no'] + allowed-values: ['true', 'false'] diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 17da4dd58..044aa793a 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -17,6 +17,6 @@ # and security needs. ansible.builtin.systemd: name: firewalld - enabled: no + enabled: false state: stopped become: true diff --git a/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml index 61c4cec04..385c7ccf5 100644 --- a/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml +++ b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml @@ -35,7 +35,7 @@ - name: Assert that the nginx welcome page is available ansible.builtin.uri: url: http://{{ ip | ansible.utils.ipwrap }}:{{ port_ }}/ - return_content: yes + return_content: true register: result failed_when: "'Welcome to nginx!' not in result.content" vars: diff --git a/reboot.yml b/reboot.yml index a9706655d..ffba5071b 100644 --- a/reboot.yml +++ b/reboot.yml 
@@ -1,7 +1,7 @@ --- - name: Reboot k3s_cluster hosts: k3s_cluster - gather_facts: yes + gather_facts: true tasks: - name: Reboot the nodes (and Wait upto 5 mins max) become: true diff --git a/reset.yml b/reset.yml index 02d4d8921..d09c947b4 100644 --- a/reset.yml +++ b/reset.yml @@ -1,7 +1,7 @@ --- - name: Reset k3s cluster hosts: k3s_cluster - gather_facts: yes + gather_facts: true roles: - role: reset become: true @@ -17,7 +17,7 @@ - name: Revert changes to Proxmox cluster hosts: proxmox gather_facts: true - become: yes + become: true remote_user: "{{ proxmox_lxc_ssh_user }}" roles: - role: reset_proxmox_lxc diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml index 395c1ac0e..31466975e 100644 --- a/roles/k3s_agent/tasks/main.yml +++ b/roles/k3s_agent/tasks/main.yml @@ -15,6 +15,6 @@ - name: Enable and check K3s service systemd: name: k3s-node - daemon_reload: yes + daemon_reload: true state: restarted - enabled: yes + enabled: true diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index 030dc223b..60b063db1 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -67,9 +67,9 @@ - name: Enable and check K3s service systemd: name: k3s - daemon_reload: yes + daemon_reload: true state: restarted - enabled: yes + enabled: true - name: Wait for node-token wait_for: @@ -110,7 +110,7 @@ copy: src: /etc/rancher/k3s/k3s.yaml dest: "{{ ansible_user_dir }}/.kube/config" - remote_src: yes + remote_src: true owner: "{{ ansible_user_id }}" mode: "u=rw,g=,o=" diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index 2fffe06e8..4dfca5791 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -14,7 +14,7 @@ name: net.ipv4.ip_forward value: "1" state: present - reload: yes + reload: true tags: sysctl - name: Enable IPv6 forwarding 
@@ -22,7 +22,7 @@ name: net.ipv6.conf.all.forwarding value: "1" state: present - reload: yes + reload: true tags: sysctl - name: Enable IPv6 router advertisements @@ -30,7 +30,7 @@ name: net.ipv6.conf.all.accept_ra value: "2" state: present - reload: yes + reload: true tags: sysctl - name: Add br_netfilter to /etc/modules-load.d/ @@ -51,7 +51,7 @@ name: "{{ item }}" value: "1" state: present - reload: yes + reload: true when: ansible_os_family == "RedHat" loop: - net.bridge.bridge-nf-call-iptables diff --git a/roles/raspberrypi/tasks/setup/Rocky.yml b/roles/raspberrypi/tasks/setup/Rocky.yml index b037b1d92..7fd8a38ff 100644 --- a/roles/raspberrypi/tasks/setup/Rocky.yml +++ b/roles/raspberrypi/tasks/setup/Rocky.yml @@ -2,7 +2,7 @@ - name: Enable cgroup via boot commandline if not already enabled for Rocky lineinfile: path: /boot/cmdline.txt - backrefs: yes + backrefs: true regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' notify: reboot diff --git a/roles/raspberrypi/tasks/setup/Ubuntu.yml b/roles/raspberrypi/tasks/setup/Ubuntu.yml index 6b1e731ea..72c77c969 100644 --- a/roles/raspberrypi/tasks/setup/Ubuntu.yml +++ b/roles/raspberrypi/tasks/setup/Ubuntu.yml @@ -2,7 +2,7 @@ - name: Enable cgroup via boot commandline if not already enabled for Ubuntu on a Raspberry Pi lineinfile: path: /boot/firmware/cmdline.txt - backrefs: yes + backrefs: true regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$' line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory' notify: reboot diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index d75c9ffca..da4b1515d 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -3,7 +3,7 @@ systemd: name: "{{ item }}" state: stopped - enabled: no + enabled: false failed_when: false with_items: - k3s 
@@ -57,7 +57,7 @@ - name: Reload daemon_reload systemd: - daemon_reload: yes + daemon_reload: true - name: Remove tmp directory used for manifests file: diff --git a/site.yml b/site.yml index 6dde6b1ac..2aa46e7be 100644 --- a/site.yml +++ b/site.yml @@ -2,7 +2,7 @@ - name: Prepare Proxmox cluster hosts: proxmox gather_facts: true - become: yes + become: true environment: "{{ proxy_env | default({}) }}" roles: - role: proxmox_lxc @@ -10,7 +10,7 @@ - name: Prepare k3s nodes hosts: k3s_cluster - gather_facts: yes + gather_facts: true environment: "{{ proxy_env | default({}) }}" roles: - role: lxc From 7669fd47218a3c93f11082ec7a8b3d7cb9d9c2a9 Mon Sep 17 00:00:00 2001 From: egandro Date: Fri, 19 Jan 2024 01:35:19 +0100 Subject: [PATCH 16/23] initial galaxy.yml (#388) * initial galaxy.yml * added readme * lint fix * Updated description Co-authored-by: Dov Benyomin Sohacheski * Updated license_file section Co-authored-by: Dov Benyomin Sohacheski * Updated tags section Co-authored-by: Dov Benyomin Sohacheski * Updated dependencies section Co-authored-by: Dov Benyomin Sohacheski * removed extra empty line galaxy created --------- Co-authored-by: Harald Fielker Co-authored-by: Dov Benyomin Sohacheski Co-authored-by: Techno Tim --- .ansible-lint | 3 ++ .yamllint | 2 ++ README.md | 22 ++++++++++++++ galaxy.yml | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 108 insertions(+) create mode 100644 galaxy.yml diff --git a/.ansible-lint b/.ansible-lint index 940e20ece..802424400 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -13,5 +13,8 @@ exclude_paths: - 'molecule/**/prepare.yml' - 'molecule/**/reset.yml' + # The file was generated by galaxy ansible - don't mess with it. + - 'galaxy.yml' + skip_list: - 'fqcn-builtins' diff --git a/.yamllint b/.yamllint index c572b3f02..a60b44eb4 100644 --- a/.yamllint +++ b/.yamllint @@ -7,3 +7,5 @@ rules: level: warning truthy: allowed-values: ['true', 'false'] +ignore: + - galaxy.yml 
diff --git a/README.md b/README.md index cdb24fd0f..8775d7999 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,28 @@ You can find more information about it [here](molecule/README.md). This repo uses `pre-commit` and `pre-commit-hooks` to lint and fix common style and syntax errors. Be sure to install python packages and then run `pre-commit install`. For more information, see [pre-commit](https://pre-commit.com/) +## 🌌 Ansible Galaxy + +This collection can now be used in larger ansible projects. + +Instructions: + +- create or modify a file `collections/requirements.yml` in your project + +```yml +collections: + - name: ansible.utils + - name: community.general + - name: ansible.posix + - name: kubernetes.core + - name: https://github.com/techno-tim/k3s-ansible.git + type: git + version: master +``` + +- install via `ansible-galaxy collection install -r ./collections/requirements.yml` +- every role is now available via the prefix `techno_tim.k3s_ansible.` e.g. `techno_tim.k3s_ansible.lxc` + ## Thanks 🤝 This repo is really standing on the shoulders of giants. Thank you to all those who have contributed and thanks to these repos for code and ideas: diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 000000000..0f9b19663 --- /dev/null +++ b/galaxy.yml 
@@ -0,0 +1,81 @@ +### REQUIRED +# The namespace of the collection. This can be a company/brand/organization or product namespace under which all +# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with +# underscores or numbers and cannot contain consecutive underscores +namespace: techno_tim + +# The name of the collection. Has the same character restrictions as 'namespace' +name: k3s_ansible + +# The version of the collection. Must be compatible with semantic versioning +version: 1.0.0 + +# The path to the Markdown (.md) readme file. This path is relative to the root of the collection +readme: README.md + +# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) +# @nicks:irc/im.site#channel' +authors: +- your name + + +### OPTIONAL but strongly recommended +# A short summary description of the collection +description: > + The easiest way to bootstrap a self-hosted High Availability Kubernetes + cluster. A fully automated HA k3s etcd install with kube-vip, MetalLB, + and more. + +# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only +# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' +license: +- Apache-2.0 + + +# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character +# requirements as 'namespace' and 'name' +tags: + - etcd + - high-availability + - k8s + - k3s + - k3s-cluster + - kube-vip + - kubernetes + - metallb + - rancher + +# Collections that this collection requires to be installed for it to be usable. The key of the dict is the +# collection label 'namespace.name'. The value is a version range +# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). 
Multiple version +# range specifiers can be set and are separated by ',' +dependencies: + ansible.utils: '*' + ansible.posix: '*' + community.general: '*' + kubernetes.core: '*' + +# The URL of the originating SCM repository +repository: https://github.com/techno-tim/k3s-ansible + +# The URL to any online docs +documentation: https://github.com/techno-tim/k3s-ansible + +# The URL to the homepage of the collection/project +homepage: https://www.youtube.com/watch?v=CbkEWcUZ7zM + +# The URL to the collection issue tracker +issues: https://github.com/techno-tim/k3s-ansible/issues + +# A list of file glob-like patterns used to filter any files or directories that should not be included in the build +# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This +# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', +# and '.git' are always filtered. Mutually exclusive with 'manifest' +build_ignore: [] + +# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a +# list of MANIFEST.in style +# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key +# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive +# with 'build_ignore' +# manifest: null From edf0c9eebd14c1c2eae03fccda49b534866c6ac5 Mon Sep 17 00:00:00 2001 From: egandro Date: Fri, 19 Jan 2024 15:37:14 +0100 Subject: [PATCH 17/23] fix for recreating new control planes (2nd run) (#393) Co-authored-by: Harald Fielker Co-authored-by: Techno Tim --- roles/k3s_server/tasks/main.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index 60b063db1..5a396e0b6 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml 
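Review bot: The `dependencies` map in the new galaxy.yml accepts any version of all four collections (`'*'`), so an install resolves to whatever is newest that day, and `authors` still holds the template placeholder `your name`. Because this commit also excludes galaxy.yml from both `.ansible-lint` and `.yamllint`, no tooling will flag either one. Consider a tested range per dependency, e.g. `community.general: '>=<TESTED_MIN>,<<NEXT_MAJOR>'` (placeholders; use the versions CI actually runs against), and put the real maintainer in `authors`.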
@@ -6,6 +6,13 @@ state: stopped failed_when: false +# k3s-init won't work if the port is already in use +- name: Stop k3s + systemd: + name: k3s + state: stopped + failed_when: false + - name: Clean previous runs of k3s-init # noqa command-instead-of-module # The systemd module does not support "reset-failed", so we need to resort to command. command: systemctl reset-failed k3s-init @@ -29,7 +36,7 @@ -p Restart=on-failure \ --unit=k3s-init \ k3s server {{ server_init_args }}" - creates: "{{ systemd_dir }}/k3s.service" + creates: "{{ systemd_dir }}/k3s-init.service" - name: Verification when: not ansible_check_mode From e2e9881f0fa1d34d50836774fc783f68f03ac5a6 Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Wed, 24 Jan 2024 22:26:38 -0600 Subject: [PATCH 18/23] Fix CI (#389) did all the things to make it work --- .github/workflows/cache.yml | 42 +++++++ .github/workflows/ci.yml | 5 +- .github/workflows/lint.yml | 24 +--- .github/workflows/test.yml | 34 ++---- molecule/default/molecule.yml | 13 ++- molecule/ipv6/molecule.yml | 9 +- molecule/single_node/molecule.yml | 7 +- requirements.in | 18 +-- requirements.txt | 147 +++++++++++------------- roles/k3s_server_post/defaults/main.yml | 2 +- 10 files changed, 155 insertions(+), 146 deletions(-) create mode 100644 .github/workflows/cache.yml diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml new file mode 100644 index 000000000..6322657fb --- /dev/null +++ b/.github/workflows/cache.yml 
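Review bot: The added `Stop k3s` task in the first hunk runs unconditionally with `failed_when: false`, so every run of this role stops a running k3s service on the server, and a real systemd failure is hidden together with the expected "unit does not exist yet" case. If the stop is only needed when k3s-init has to be started again, gate it on that condition. Otherwise document the side effect on the task, e.g. `# NOTE: stops a running k3s on every play; the node leaves the control plane until the service is started again`. The task file continues outside the hunk, so whether and when k3s is started again cannot be confirmed from here.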
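Review bot: The new `creates: "{{ systemd_dir }}/k3s-init.service"` guard in the second hunk probably never matches. `systemd-run --unit=k3s-init` starts a transient unit, and as far as I know transient units are written under `/run/systemd/transient`, not in the directory `systemd_dir` points at. If the intent is that k3s-init always runs, dropping `creates` states that plainly; if the intent is to skip it when a unit already exists, the path has to be one that is actually written. Either way a comment such as `# k3s-init is a transient unit and leaves no file in systemd_dir` would stop the next reader from assuming the guard is effective. The command task begins above the hunk.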
@@ -0,0 +1,42 @@ +--- +name: "Cache" +on: + workflow_call: +jobs: + molecule: + name: cache + runs-on: self-hosted + env: + PYTHON_VERSION: "3.11" + + steps: + - name: Check out the codebase + uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Set up Python ${{ env.PYTHON_VERSION }} + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 + with: + python-version: ${{ env.PYTHON_VERSION }} + cache: 'pip' # caching pip dependencies + + - name: Cache Vagrant boxes + id: cache-vagrant + uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + with: + lookup-only: true #if it exists, we don't need to restore and can skip the next step + path: | + ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + restore-keys: | + vagrant-boxes + + - name: Download Vagrant boxes for all scenarios + # To save some cache space, all scenarios share the same cache key. + # On the other hand, this means that the cache contents should be + # the same across all scenarios. This step ensures that. + if: steps.cache-vagrant.outputs.cache-hit != 'true' # only run if false since this is just a cache step + run: | + ./.github/download-boxes.sh + vagrant box list diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 54be8ff06..77f933352 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,8 +8,11 @@ on: paths-ignore: - '**/README.md' jobs: + pre: + uses: ./.github/workflows/cache.yml lint: uses: ./.github/workflows/lint.yml + needs: [pre] test: uses: ./.github/workflows/test.yml - needs: [lint] + needs: [pre, lint] diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b43f5bbec..6787f7882 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
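Review bot: The new cache job combines `runs-on: self-hosted` with a checkout of `ref: ${{ github.event.pull_request.head.sha }}` and then executes `./.github/download-boxes.sh` from that checkout, so pull-request code runs on a maintainer-operated host. lint.yml and test.yml are moved to `self-hosted` in the same commit. On a public repository this is only safe if workflows from fork pull requests need maintainer approval before they start and the runner is ephemeral and isolated from anything that holds credentials. I would record that requirement next to the setting, e.g. `# self-hosted: executes PR code; runner must be ephemeral and fork PRs must require approval`. The trigger block of ci.yml lies outside its hunk, so the events that reach this job cannot be confirmed here.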
@@ -5,7 +5,7 @@ on: jobs: pre-commit-ci: name: Pre-Commit - runs-on: ubuntu-latest + runs-on: self-hosted env: PYTHON_VERSION: "3.11" @@ -21,21 +21,11 @@ jobs: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Ansible - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 + - name: Restore Ansible cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 with: path: ~/.ansible/collections - key: ${{ runner.os }}-ansible-${{ hashFiles('collections/requirements.txt') }} - restore-keys: | - ${{ runner.os }}-ansible- + key: ansible-${{ hashFiles('collections/requirements.yml') }} - name: Install dependencies run: | @@ -47,16 +37,12 @@ jobs: python3 -m pip install -r requirements.txt echo "::endgroup::" - echo "::group::Install Ansible role requirements from collections/requirements.yml" - ansible-galaxy install -r collections/requirements.yml - echo "::endgroup::" - - name: Run pre-commit uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # 3.0.0 ensure-pinned-actions: name: Ensure SHA Pinned Actions - runs-on: ubuntu-latest + runs-on: self-hosted steps: - name: Checkout code uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v3 2.5.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10b6135ab..f55bf48d6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ on: jobs: molecule: name: Molecule - runs-on: macos-12 + runs-on: self-hosted strategy: matrix: scenario: 
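Review bot: The `Restore Ansible cache` step added to lint.yml restores `~/.ansible/collections` under the key `ansible-${{ hashFiles('collections/requirements.yml') }}`, but nothing in this commit saves a cache under an `ansible-` key (cache.yml only stores `~/.vagrant.d/boxes`). The third hunk also removes the `ansible-galaxy install -r collections/requirements.yml` lines. On a miss the restore step passes silently, and pre-commit then runs against whatever collections happen to be on the self-hosted runner. Either keep the install step, or add `fail-on-cache-miss: true` as test.yml does for the Vagrant boxes and populate that key in cache.yml.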
@@ -30,35 +30,19 @@ jobs: * fdad:bad:ba55::/64 EOF - - name: Cache pip - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('./requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - name: Cache Vagrant boxes - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # 3.0.11 - with: - path: | - ~/.vagrant.d/boxes - key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} - restore-keys: | - vagrant-boxes - - - name: Download Vagrant boxes for all scenarios - # To save some cache space, all scenarios share the same cache key. - # On the other hand, this means that the cache contents should be - # the same across all scenarios. This step ensures that. - run: ./.github/download-boxes.sh - - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # 2.3.3 with: python-version: ${{ env.PYTHON_VERSION }} cache: 'pip' # caching pip dependencies + - name: Restore vagrant Boxes cache + uses: actions/cache/restore@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # 4.0 + with: + path: ~/.vagrant.d/boxes + key: vagrant-boxes-${{ hashFiles('**/molecule.yml') }} + fail-on-cache-miss: true + - name: Install dependencies run: | echo "::group::Upgrade pip" @@ -75,7 +59,7 @@ jobs: env: ANSIBLE_K3S_LOG_DIR: ${{ runner.temp }}/logs/k3s-ansible/${{ matrix.scenario }} ANSIBLE_SSH_RETRIES: 4 - ANSIBLE_TIMEOUT: 60 + ANSIBLE_TIMEOUT: 120 PY_COLORS: 1 ANSIBLE_FORCE_COLOR: 1 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 4a07503aa..98d0d2eb2 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -23,7 +23,7 @@ platforms: - name: control2 box: generic/debian11 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster 
@@ -34,7 +34,7 @@ platforms: - name: control3 box: generic/rocky9 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -45,7 +45,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -61,7 +61,7 @@ platforms: - name: node2 box: generic/rocky9 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -72,6 +72,8 @@ platforms: provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -82,7 +84,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml index 2ad64234b..3d45b2523 100644 --- a/molecule/ipv6/molecule.yml +++ b/molecule/ipv6/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -22,7 +22,7 @@ platforms: - name: control2 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -38,7 +38,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 2048 + memory: 4096 cpus: 2 groups: - k3s_cluster @@ -53,6 +53,8 @@ platforms: ssh.password: "vagrant" provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -63,7 +65,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/molecule/single_node/molecule.yml b/molecule/single_node/molecule.yml index 1a7ed84de..0a77896a4 100644 --- a/molecule/single_node/molecule.yml +++ b/molecule/single_node/molecule.yml @@ -6,8 +6,8 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 4096 - cpus: 4 + memory: 8192 + cpus: 8 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 
@@ -21,6 +21,8 @@ platforms: ip: 192.168.30.50 provisioner: name: ansible + env: + ANSIBLE_VERBOSITY: 1 playbooks: converge: ../resources/converge.yml side_effect: ../resources/reset.yml @@ -31,7 +33,6 @@ provisioner: scenario: test_sequence: - dependency - - lint - cleanup - destroy - syntax diff --git a/requirements.in b/requirements.in index 715153b23..e0eac2976 100644 --- a/requirements.in +++ b/requirements.in @@ -1,10 +1,10 @@ -ansible-core>=2.13.5 +ansible-core>=2.16.2 jmespath>=1.0.1 -jsonpatch>=1.32 -kubernetes>=25.3.0 -molecule-vagrant>=1.0.0 -molecule>=4.0.3 -netaddr>=0.8.0 -pre-commit>=2.20.0 -pre-commit-hooks>=1.3.1 -pyyaml>=6.0 +jsonpatch>=1.33 +kubernetes>=29.0.0 +molecule-plugins[vagrant] +molecule>=6.0.3 +netaddr>=0.10.1 +pre-commit>=3.6.0 +pre-commit-hooks>=4.5.0 +pyyaml>=6.0.1 diff --git a/requirements.txt b/requirements.txt index 9dcf1612c..48773d79c 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -4,174 +4,165 @@ # # pip-compile requirements.in # -ansible-compat==3.0.1 +ansible-compat==4.1.11 # via molecule -ansible-core==2.15.4 +ansible-core==2.16.2 # via # -r requirements.in # ansible-compat -arrow==1.2.3 - # via jinja2-time -attrs==22.1.0 - # via jsonschema -binaryornot==0.4.4 - # via cookiecutter -cachetools==5.2.0 + # molecule +attrs==23.2.0 + # via + # jsonschema + # referencing +bracex==2.4 + # via wcmatch +cachetools==5.3.2 # via google-auth -certifi==2022.9.24 +certifi==2023.11.17 # via # kubernetes # requests -cffi==1.15.1 +cffi==1.16.0 # via cryptography -cfgv==3.3.1 +cfgv==3.4.0 # via pre-commit -chardet==5.0.0 - # via binaryornot -charset-normalizer==2.1.1 +charset-normalizer==3.3.2 # via requests -click==8.1.3 +click==8.1.7 # via # click-help-colors - # cookiecutter # molecule -click-help-colors==0.9.1 - # via molecule -commonmark==0.9.1 - # via rich -cookiecutter==2.1.1 +click-help-colors==0.9.4 # via molecule -cryptography==38.0.3 +cryptography==41.0.7 # via ansible-core -distlib==0.3.6 +distlib==0.3.8 # via virtualenv -distro==1.8.0 - # via selinux enrich==1.2.7 # via molecule -filelock==3.8.0 +filelock==3.13.1 # via virtualenv -google-auth==2.14.0 +google-auth==2.26.2 # via kubernetes -identify==2.5.8 +identify==2.5.33 # via pre-commit -idna==3.4 +idna==3.6 # via requests -jinja2==3.1.2 +jinja2==3.1.3 # via # ansible-core - # cookiecutter - # jinja2-time # molecule - # molecule-vagrant -jinja2-time==0.2.0 - # via cookiecutter jmespath==1.0.1 # via -r requirements.in jsonpatch==1.33 # via -r requirements.in -jsonpointer==2.3 +jsonpointer==2.4 # via jsonpatch -jsonschema==4.17.0 +jsonschema==4.21.1 # via # ansible-compat # molecule -kubernetes==25.3.0 +jsonschema-specifications==2023.12.1 + # via jsonschema +kubernetes==29.0.0 # via -r requirements.in -markupsafe==2.1.1 +markdown-it-py==3.0.0 + # via rich +markupsafe==2.1.4 # via jinja2 -molecule==4.0.4 +mdurl==0.1.2 + # via markdown-it-py +molecule==6.0.3 # via # -r requirements.in - # 
molecule-vagrant -molecule-vagrant==1.0.0 + # molecule-plugins +molecule-plugins[vagrant]==23.5.0 # via -r requirements.in -netaddr==0.10.0 +netaddr==0.10.1 # via -r requirements.in -nodeenv==1.7.0 +nodeenv==1.8.0 # via pre-commit oauthlib==3.2.2 - # via requests-oauthlib -packaging==21.3 + # via + # kubernetes + # requests-oauthlib +packaging==23.2 # via # ansible-compat # ansible-core # molecule -platformdirs==2.5.2 +platformdirs==4.1.0 # via virtualenv -pluggy==1.0.0 +pluggy==1.3.0 # via molecule -pre-commit==2.21.0 +pre-commit==3.6.0 # via -r requirements.in pre-commit-hooks==4.5.0 # via -r requirements.in -pyasn1==0.4.8 +pyasn1==0.5.1 # via # pyasn1-modules # rsa -pyasn1-modules==0.2.8 +pyasn1-modules==0.3.0 # via google-auth pycparser==2.21 # via cffi -pygments==2.13.0 +pygments==2.17.2 # via rich -pyparsing==3.0.9 - # via packaging -pyrsistent==0.19.2 - # via jsonschema python-dateutil==2.8.2 - # via - # arrow - # kubernetes -python-slugify==6.1.2 - # via cookiecutter + # via kubernetes python-vagrant==1.0.0 - # via molecule-vagrant + # via molecule-plugins pyyaml==6.0.1 # via # -r requirements.in # ansible-compat # ansible-core - # cookiecutter # kubernetes # molecule - # molecule-vagrant # pre-commit -requests==2.28.1 +referencing==0.32.1 + # via + # jsonschema + # jsonschema-specifications +requests==2.31.0 # via - # cookiecutter # kubernetes # requests-oauthlib requests-oauthlib==1.3.1 # via kubernetes -resolvelib==0.8.1 +resolvelib==1.0.1 # via ansible-core -rich==12.6.0 +rich==13.7.0 # via # enrich # molecule +rpds-py==0.17.1 + # via + # jsonschema + # referencing rsa==4.9 # via google-auth -ruamel-yaml==0.17.21 +ruamel-yaml==0.18.5 # via pre-commit-hooks -selinux==0.2.1 - # via molecule-vagrant +ruamel-yaml-clib==0.2.8 + # via ruamel-yaml six==1.16.0 # via - # google-auth # kubernetes # python-dateutil subprocess-tee==0.4.1 # via ansible-compat -text-unidecode==1.3 - # via python-slugify -urllib3==1.26.12 +urllib3==2.1.0 # via # kubernetes # requests 
-virtualenv==20.16.6 +virtualenv==20.25.0 # via pre-commit -websocket-client==1.4.2 +wcmatch==8.5 + # via molecule +websocket-client==1.7.0 # via kubernetes # The following packages are considered to be unsafe in a requirements file: diff --git a/roles/k3s_server_post/defaults/main.yml b/roles/k3s_server_post/defaults/main.yml index 1c458faab..bbf9629d9 100644 --- a/roles/k3s_server_post/defaults/main.yml +++ b/roles/k3s_server_post/defaults/main.yml @@ -1,6 +1,6 @@ --- # Timeout to wait for MetalLB services to come up -metal_lb_available_timeout: 120s +metal_lb_available_timeout: 240s # Name of the master group group_name_master: master From 5ae8fd122319eb76a2393d3c27aff007460ea9cd Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Thu, 25 Jan 2024 09:30:02 -0600 Subject: [PATCH 19/23] fix(molecule): lower resources for nodes --- molecule/default/molecule.yml | 10 +++++----- molecule/ipv6/molecule.yml | 6 +++--- molecule/single_node/molecule.yml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 98d0d2eb2..491db8f8c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: control1 box: generic/ubuntu2204 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -23,7 +23,7 @@ platforms: - name: control2 box: generic/debian11 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -34,7 +34,7 @@ platforms: - name: control3 box: generic/rocky9 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -45,7 +45,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -61,7 +61,7 @@ platforms: - name: node2 box: generic/rocky9 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster diff --git a/molecule/ipv6/molecule.yml b/molecule/ipv6/molecule.yml index 3d45b2523..28f425b3b 100644 --- a/molecule/ipv6/molecule.yml 
+++ b/molecule/ipv6/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -22,7 +22,7 @@ platforms: - name: control2 box: generic/ubuntu2204 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster @@ -38,7 +38,7 @@ platforms: - name: node1 box: generic/ubuntu2204 - memory: 4096 + memory: 1024 cpus: 2 groups: - k3s_cluster diff --git a/molecule/single_node/molecule.yml b/molecule/single_node/molecule.yml index 0a77896a4..276b6d391 100644 --- a/molecule/single_node/molecule.yml +++ b/molecule/single_node/molecule.yml @@ -6,8 +6,8 @@ driver: platforms: - name: control1 box: generic/ubuntu2204 - memory: 8192 - cpus: 8 + memory: 4096 + cpus: 4 config_options: # We currently can not use public-key based authentication on Ubuntu 22.04, # see: https://github.com/chef/bento/issues/1405 From df9c6f301401fe2614b3c7c456535d772b561c7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bal=C3=A1zs=20Hasprai?= Date: Thu, 25 Jan 2024 18:34:46 +0100 Subject: [PATCH 20/23] Fix http_proxy service dir in k3s_agent role (#400) * Fix http_proxy service dir in k3s_agent role * Fix http_proxy reset: rm conf files before dirs * Fix http_proxy reset rm order --------- Co-authored-by: Techno Tim --- roles/k3s_agent/tasks/http_proxy.yml | 6 +++--- roles/reset/tasks/main.yml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/k3s_agent/tasks/http_proxy.yml b/roles/k3s_agent/tasks/http_proxy.yml index f0a68f6ad..d4943e243 100644 --- a/roles/k3s_agent/tasks/http_proxy.yml +++ b/roles/k3s_agent/tasks/http_proxy.yml @@ -1,8 +1,8 @@ --- -- name: Create k3s.service.d directory +- name: Create k3s-node.service.d directory file: - path: '{{ systemd_dir }}/k3s.service.d' + path: '{{ systemd_dir }}/k3s-node.service.d' state: directory owner: root group: root 
@@ -12,7 +12,7 @@ - name: Copy K3s http_proxy conf file template: src: "http_proxy.conf.j2" - dest: "{{ systemd_dir }}/k3s.service.d/http_proxy.conf" + dest: "{{ systemd_dir }}/k3s-node.service.d/http_proxy.conf" owner: root group: root mode: '0755' diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index da4b1515d..49a4aa018 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -51,7 +51,9 @@ name: "{{ item }}" state: absent with_items: + - "{{ systemd_dir }}/k3s.service.d/http_proxy.conf" - "{{ systemd_dir }}/k3s.service.d" + - "{{ systemd_dir }}/k3s-node.service.d/http_proxy.conf" - "{{ systemd_dir }}/k3s-node.service.d" when: proxy_env is defined From 511c41045182bdf23b5054180535283bfd81ec2d Mon Sep 17 00:00:00 2001 From: sholdee <102821812+sholdee@users.noreply.github.com> Date: Thu, 25 Jan 2024 13:20:02 -0600 Subject: [PATCH 21/23] Add Debian Bookworm support and refactor Pi OS detection (#415) * Refactor Pi OS detection and add Debian Bookworm support * Add bullseye back --------- Co-authored-by: Techno Tim --- roles/raspberrypi/tasks/main.yml | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 29f824a91..25de61afe 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml 
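Review bot: The `Copy K3s http_proxy conf file` task that this hunk retargets still writes the drop-in with `mode: '0755'`. A systemd drop-in does not need the execute bit, and if `proxy_env` carries a proxy URL with embedded credentials (the template is not visible here, so this is an assumption) the rendered file is readable by every local user. Since the task is being touched anyway, `mode: '0644'` would be the tighter choice, or `mode: '0600'` when the proxy URL may hold a password.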
@@ -17,21 +17,19 @@ when: grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0 -- name: Set detected_distribution to Raspbian - set_fact: - detected_distribution: Raspbian - when: > - raspberry_pi|default(false) and - ( ansible_facts.lsb.id|default("") == "Raspbian" or - ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") ) - -- name: Set detected_distribution to Raspbian (ARM64 on Debian Buster) +- name: Set detected_distribution to Raspbian (ARM64 on Raspbian, Debian Buster/Bullseye/Bookworm) set_fact: detected_distribution: Raspbian + vars: + allowed_descriptions: + - "[Rr]aspbian.*" + - "Debian.*buster" + - "Debian.*bullseye" + - "Debian.*bookworm" when: - ansible_facts.architecture is search("aarch64") - raspberry_pi|default(false) - - ansible_facts.lsb.description|default("") is match("Debian.*buster") + - ansible_facts.lsb.description|default("") is match(allowed_descriptions | join('|')) - name: Set detected_distribution_major_version set_fact: @@ -39,14 +37,6 @@ when: - detected_distribution | default("") == "Raspbian" -- name: Set detected_distribution to Raspbian (ARM64 on Debian Bullseye) - set_fact: - detected_distribution: Raspbian - when: - - ansible_facts.architecture is search("aarch64") - - raspberry_pi|default(false) - - ansible_facts.lsb.description|default("") is match("Debian.*bullseye") - - name: Execute OS related tasks on the Raspberry Pi - {{ action_ }} include_tasks: "{{ item }}" with_first_found: From aa09e3e9dfe4cf9cc8a8f107a0305181e115df9c Mon Sep 17 00:00:00 2001 From: Gabor A Date: Thu, 25 Jan 2024 15:40:56 -0500 Subject: [PATCH 22/23] fix: typos (#416) Co-authored-by: Techno Tim --- inventory/sample/group_vars/all.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index 5b923f7ee..c72ee919a 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml 
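Review bot: The merged task in the first hunk now requires `ansible_facts.architecture is search("aarch64")` for every description, including `[Rr]aspbian.*`. The removed task set `detected_distribution: Raspbian` on any architecture and also accepted `ansible_facts.lsb.id == "Raspbian"`. A 32-bit Raspbian host would therefore no longer get `detected_distribution`, and the `detected_distribution_major_version` task in the second hunk would be skipped for it. I would apply the architecture test only to the plain Debian descriptions and keep the Raspbian checks as they were; the rewritten task follows.

```yaml
- name: Set detected_distribution to Raspbian (Raspbian, or ARM64 on Debian Buster/Bullseye/Bookworm)
  set_fact:
    detected_distribution: Raspbian
  vars:
    debian_descriptions:
      - "Debian.*buster"
      - "Debian.*bullseye"
      - "Debian.*bookworm"
  when:
    - raspberry_pi|default(false)
    - >-
      ansible_facts.lsb.id|default("") == "Raspbian" or
      ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") or
      ( ansible_facts.architecture is search("aarch64") and
        ansible_facts.lsb.description|default("") is match(debian_descriptions | join('|')) )
# … unchanged: Set detected_distribution_major_version …
```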
@@ -66,9 +66,9 @@ metal_lb_ip_range: "192.168.30.80-192.168.30.90" # Please read https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185 before using this. # Most notably, your containers must be privileged, and must not have nesting set to true. # Please note this script disables most of the security of lxc containers, with the trade off being that lxc -# containers are significantly more resource efficent compared to full VMs. +# containers are significantly more resource efficient compared to full VMs. # Mixing and matching VMs and lxc containers is not supported, ymmv if you want to do this. -# I would only really recommend using this if you have partiularly low powered proxmox nodes where the overhead of +# I would only really recommend using this if you have particularly low powered proxmox nodes where the overhead of # VMs would use a significant portion of your available resources. proxmox_lxc_configure: false # the user that you would use to ssh into the host, for example if you run ssh some-user@my-proxmox-host, From 12be355867a04737005bed9999ccacb417bc71db Mon Sep 17 00:00:00 2001 From: Techno Tim Date: Thu, 25 Jan 2024 16:09:08 -0600 Subject: [PATCH 23/23] feat(k3s): Updated to v1.26 (#207) * feat(k3s): Updated to v1.26.0+k3s2 * feat(k3s): Updated to v1.26.2+k3s1 * feat(k3s): Updated to v1.26.3+k3s1 * feat(k3s): Updated to v1.26.4+k3s1 * feat(k3s): Updated to v1.26.7+k3s1 * feat(k3s): Updated to v1.26.11+k3s2 * feat(k3s): Updated to v1.26.12+k3s1 --- inventory/sample/group_vars/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml index c72ee919a..caec20556 100644 --- a/inventory/sample/group_vars/all.yml +++ b/inventory/sample/group_vars/all.yml @@ -1,5 +1,5 @@ --- -k3s_version: v1.25.16+k3s4 +k3s_version: v1.26.12+k3s1 # this is the user that has ssh access to these machines ansible_user: ansibleuser systemd_dir: /etc/systemd/system